commerce-api-gateway
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches the Apollo Router binary from its official domain (router.apollo.dev). This is a standard and expected installation method for a well-known service.
- [REMOTE_CODE_EXECUTION]: Instructions include a shell command that pipes a script from router.apollo.dev directly to sh. As this originates from a well-known and recognized service provider, it is documented here as a standard setup procedure.
- [COMMAND_EXECUTION]: The skill uses the rover CLI and the downloaded router binary to manage and run the GraphQL supergraph, which is the primary intended functionality.
- [SAFE]: Implements robust security patterns including JWT verification with explicit algorithm checks, Redis-backed rate limiting, and strict CORS origin management without wildcards.
Audit Metadata